CVE-2026-4313

AdaptiveGRC is vulnerable to Stored XSS via text type fields across the forms. Authenticated attacker can replace the value of the text field in the HTTP POST request. Improper parameter validation by the server results in arbitrary JavaScript execution in the victim's browser. Critically, this...

EUVD-2026-25414

AdaptiveGRC is vulnerable to Stored XSS via text type fields across the forms. Authenticated attacker can replace the value of the text field in the HTTP POST request. Improper parameter validation by the server results in arbitrary JavaScript execution in the victim's browser. Critically, this...

PT-2026-34874

AdaptiveGRC is vulnerable to Stored XSS via text type fields across the forms. Authenticated attacker can replace the value of the text field in the HTTP POST request. Improper parameter validation by the server results in arbitrary JavaScript execution in the victim's browser. Critically, this...

About the Remote Code Execution Vulnerability - n8n (CVE-2025-68613)

About Remote Code Execution Vulnerability - n8n CVE-2025-68613. n8n is a workflow automation platform available under a fair-code license. Improper Control of Dynamically-Managed Code Resources CWE-913 in the n8n workflow expression evaluation system allows a remote authenticated attacker without...

PayPal February 2026 Notice of Data Breach

PayPal has released this notice of data breach to its customers following a data exposure issue that spanned from July 1, 2025 to December 13, 2025...

Microsoft Patches CVE-2026-26119 Privilege Escalation in Windows Admin Center

Microsoft has disclosed a now-patched security flaw in Windows Admin Center that could allow an attacker to escalate their privileges. Windows Admin Center is a locally deployed, browser-based management tool set that lets users manage their Windows Clients, Servers, and Clusters without the need...

CVE-2025-67477

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Special.Apisandbox/ApiSandboxLayout.Js. This issue affects MediaWiki: from before...

CVE-2025-67475

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/CommentFormatter/CommentParser.Php. This issue affects MediaWiki: from before 1.39.16, 1.43.6,...

CERT Polska Details Coordinated Cyber Attacks on 30+ Wind and Solar Farms

CERT Polska, the Polish computer emergency response team, revealed that coordinated cyber attacks targeted more than 30 wind and photovoltaic farms, a private company from the manufacturing sector, and a large combined heat and power plant CHP supplying heat to almost half a million customers in...

Russia-Aligned ELECTRUM Tied to December 2025 Cyber Attack on Polish Power Grid

The "coordinated" cyber attack targeting multiple sites across the Polish power grid has been attributed with medium confidence to a Russian state-sponsored hacking crew known as ELECTRUM. Operational technology OT cybersecurity company Dragos, in a new intelligence brief published Tuesday,...

Azure File Sync Agent v22.0 Release – December 2025 (KB5056967)

Update Rollup for Azure File Sync agent version 22.0.0.0. For more details, see the associated Microsoft Knowledge Base article...

Azure File Sync Agent v22.0 Release – December 2025 (KB5056967)

Update Rollup for Azure File Sync agent version 22.0.0.0. For more details, see the associated Microsoft Knowledge Base article...

Azure File Sync Agent v22.0 Release – December 2025 (KB5056967)

Update Rollup for Azure File Sync agent version 22.0.0.0. For more details, see the associated Microsoft Knowledge Base article...

Security Bulletin: Enterprise Content Managemant System Monitor for December 2025 - multiple CVEs

Summary Enterprise Content Management System Monitor is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed. Vulnerability Details...

Wordfence Bug Bounty Program Monthly Report – December 2025

Last month in December 2025, the Wordfence Bug Bounty Program received 759 vulnerability submissions from our growing community of security researchers working to improve the overall security posture of the WordPress ecosystem. These submissions are reviewed, triaged, and processed by the Wordfen...

CVE-2025-66002

An Improper Neutralization of Argument Delimiters in a Command 'Argument Injection' vulnerability allows local users ton perform arbitrary unmounts via smb4k mount helper...

CVE-2025-64125

A vulnerability in Nuvation Energy nCloud VPN Service allowed Network Boundary Bridging.This issue affected the nCloud VPN Service and was fixed on 2025-12-1 December, 2025. End users do not have to take any action to mitigate the issue...

EUVD-2025-206223

A vulnerability in Nuvation Energy nCloud VPN Service allowed Network Boundary Bridging.This issue affected the nCloud VPN Service and was fixed on 2025-12-1 December, 2025. End users do not have to take any action to mitigate the issue...

CVE-2025-64125 Nuvation Energy nCloud Client-to-Client Communication

A vulnerability in Nuvation Energy nCloud VPN Service allowed Network Boundary Bridging.This issue affected the nCloud VPN Service and was fixed on 2025-12-1 December, 2025. End users do not have to take any action to mitigate the issue...

CVE-2025-64125

Observation: CVE-2025-64125 affects Nuvation Energy nCloud VPN Service and enables Network Boundary Bridging. The issue is confirmed in multiple feeds (NVD/Red Hat) and is fixed as of 2025-12-01; end users did not need to take mitigation action. The available metrics indicate a high-severity impa...